CVE-2023-23936|Undici is an HTTP/1.1 client for... - VULHUB开源网络安全威胁库

Undici is an HTTP/1.1 client for... CVE-2023-23936

- AV AC AU C I A

发布： 2023-02-16

修订： 2023-02-24

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici.

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有4条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™

Undici is an HTTP/1.1 client for... CVE-2023-23936

漏洞利用/PoC

受影响的平台与产品

贡献用户

相关漏洞清单查看更多>

Undici is an HTTP/1.1 client for... CVE-2023-23936

漏洞利用/PoC

受影响的平台与产品

贡献用户

相关漏洞清单 查看更多>

相关漏洞清单查看更多>